I know you mentioned easing the pain, but good old iptables worked for
me - along with http://www.gentoo.org/doc/en/home-router-howto.xml -
after using that initial setup and becoming somewhat familiar with
iptables, I was able to modify a script to suit my needs, a 49-line
file that gets what I need done.


On 8/27/05, William Kenworthy <[EMAIL PROTECTED]> wrote:
> Or use monmotha and be up and running in a couple of minutes.  I am using
> 3 nics at the moment with it.  I did try shorewall, but the setup time
> and learning curve was so much greater I dumped it (the complexity
> worried me as well - complex means it may be vulnerable to
> misconfiguration).  Mind you, on complex/commercial setups it probably
> has an advantage, but not for SOHO/home use.
> 
> BillK
> 
> 
> On Sat, 2005-08-27 at 12:23 +0200, Oscar wrote:
> > I've used both firehol and shorewall, and they're both great!
> > But for a more advanced setup, I would recommend shorewall (firehol is a 
> > bit tricky at some points, like port-forwarding), it will save you a lot of 
> > time (setting up a 3 NIC firewall with shorewall takes less than 30 
> > minutes)...
> >
> > Oscar
> >
> > On Fri, 26 Aug 2005 22:36:39 +0000 (UTC)
> > James <[EMAIL PROTECTED]> wrote:
> >
> > > Hello,
> > >
> > > I've decided to take the plunge and build my first, full featured
> > > firewall on Gentoo. At first I was going to use 'gnap' but further
> > > reading reveals that this sort of derived firewall is stateless,
> > > and I want a stateful firewall. It's also masked.
> > > (feel free to correct me if I miss something).
> > >
> > > The firewall will have (3) nics, Outside(static IP)
> > > DMZ for several  web servers, mail server and DNS secondaries
> > > and a private for a DNS server, PCs(doz) and assorted Linux systems.
> > > So after googling for a while, I could not find any detailed documentation
> > > on building a gentoo based robust firewall (I sure thought I'd run across
> > > such a page/document, but, nothing today).
> > >
> > > I did find some packages to 'ease the pain' on configuring iptables
> > > and completing the firewall: Recommendations here?
> > > fwbuilder
> > > bastille
> > > kmyfirewall
> > > firestarter
> > >
> > > I did find this gentoo document:
> > > http://www.gentoo.org/doc/en/home-router-howto.xml
> > > This example is for a 2 nic basic firewall.
> > > I need a dmz that will have web servers, dns servers, and
> > > will ensure security.
> > >
> > > I did find one Debian-centric security document:
> > > http://www.debian.org/doc/manuals/securing-debian-howto
> > >
> > > Alternatively, since this machine is only going to be a firewall
> > > & ethernet router so rather than securing a complete Gentoo system
> > > I could just use a 'firewall cd' installation, if one exists
> > > as a Gentoo derivative.
> > >
> > > Any other ideas or recommendations on documents or firewall install
> > > config  on gentoo or a gentoo derivative are most welcome?
> > >
> > > Note: my firewall experience is mostly with openbsd.
> > >
> > >
> > > James
> > >
> > > --
> > > gentoo-user@gentoo.org mailing list
> > >
> --
> William Kenworthy <[EMAIL PROTECTED]>
> Home!
> 
> --
> gentoo-user@gentoo.org mailing list
> 
> 


-- 
- Mark Shields

-- 
gentoo-user@gentoo.org mailing list
